Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01 Ran by DOS (2016-04-10 19:53:06) Running from C:\Users\DOS\Desktop Windows 7 Ultimate Service Pack 1 (X64) (2010-02-09 13:59:38) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-568589206-187183825-684968512-500 - Administrator - Disabled) ASPNET (S-1-5-21-568589206-187183825-684968512-1002 - Limited - Enabled) DOS (S-1-5-21-568589206-187183825-684968512-1000 - Administrator - Enabled) => C:\Users\DOS Guest (S-1-5-21-568589206-187183825-684968512-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-568589206-187183825-684968512-1004 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: ESET Smart Security 9.0.318.0 (Disabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: ESET Smart Security 9.0.375.0 (Disabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834} FW: ESET Personal firewall (Disabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 1.6 (HKLM-x32\...\Command and Conquer Generals_is1) (Version: - The Dark Side) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated) Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.197 - Adobe Systems Incorporated) Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated) Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.) 
Advanced SystemCare 9 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 9.2.0 - IObit) AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) AutoCAD 2007 - English (HKLM-x32\...\{5783F2D7-5001-0409-0002-0060B0CE6BBA}) (Version: 17.0.54.110 - Autodesk) Autodesk DWF Viewer (HKLM-x32\...\Autodesk DWF Viewer) (Version: 6.5 - Autodesk, Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform) Command & Conquer 3 (HKLM-x32\...\{B0C30E93-D3D9-4F04-A2AC-54749B573275}) (Version: 1.00.0000 - Electronic Arts Inc.) Command & Conquer™ 4 Tiberian Twilight (HKLM-x32\...\{82696435-8572-4D8B-A230-D1AA567D0F0F}) (Version: 1.0.0.0 - Electronic Arts) COWON Media Center - jetAudio Plus VX (HKLM-x32\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.0.11 - COWON) CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1501 - CyberLink Corp.) DkZ Studio (HKLM-x32\...\{F656DC79-013A-4683-8692-B938FC00B941}) (Version: 1.0.0.0 - abScroll (c) 2005) Dragonball Xenoverse (HKLM-x32\...\Dragonball Xenoverse_is1) (Version: - ) Driver Booster 3.2 (HKLM-x32\...\Driver Booster_is1) (Version: 3.2 - IObit) EmbratoriaG1 (HKLM-x32\...\EmbratoriaG1) (Version: V1.1 - Embratoria) ESET Smart Security (HKLM\...\{11994064-51F2-45DF-A83E-539B4BFE3F5A}) (Version: 9.0.318.0 - ESET, spol. s r.o.) Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) GameRanger (HKU\S-1-5-21-568589206-187183825-684968512-1000\...\GameRanger) (Version: - GameRanger Technologies) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc‎.‎) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden Grand Theft Auto: Episodes from Liberty City (x32 Version: 1.0.0003.135 - Rockstar Games Inc.) 
Hidden Hulk TV (HKLM-x32\...\Hulk TV) (Version: - ) Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.) IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.2.6.101 - IObit) Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation) K-Lite Mega Codec Pack 10.0.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.0.0 - ) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited) Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (العربية) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1025) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - ) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - 
Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Service Pack 1 Redistributable (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729.17 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for 
Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com) Mozilla Firefox 45.0.1 (x86 ar) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 ar)) (Version: 45.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.936 - Electronic Arts) NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Operation Flashpoint ®: Red River (HKLM-x32\...\GFWL_{434D083E-7E9A-4D3A-914B-121000008100}) (Version: 1.0.0000.129 - Codemasters) Operation Flashpoint ®: Red River (x32 Version: 1.0.0000.129 - Codemasters) Hidden Patch 2013-2014 FIFA 08 (HKLM\...\Patch 2013-2014 FIFA 082.0) (Version: 2.0 - startimes) PingPlotter 4.12.0 (HKLM-x32\...\{D59AF474-7881-48B7-9120-F23D093BC447}) (Version: 4.12.0.9 - Pingman Tools, LLC) Pro Evolution Soccer 2016 myClub (HKLM-x32\...\Steam App 407250) (Version: - Konami Digital Entertainment) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) Raptr (HKLM-x32\...\Raptr) (Version: 5.0.3-r110001-release - Raptr, Inc) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.89.716.2014 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7746 - Realtek Semiconductor Corp.) 
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform) Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Samsung Kies3 (x32 Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.4 - IObit) Sniper Ghost Warrior - Gold Edition (HKLM-x32\...\Sniper Ghost Warrior - Gold Edition_R.G. Mechanics_is1) (Version: - R.G. Mechanics, Panky) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.3 - IObit) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden System Requirements Lab (HKLM-x32\...\{F89CDED6-B1F1-489F-BA44-698BF6A737C2}) (Version: 6.1.6.0 - Husdawg, LLC) System Requirements Lab Detection (HKLM-x32\...\{BEE55ECD-E86F-4A87-9260-55ADBA3017F4}) (Version: 6.1.5.0 - Husdawg, LLC) The Hell in Vietnam (HKLM-x32\...\The Hell in Vietnam_is1) (Version: - City Interactive) Tomb Raider: Underworld 1.0 (HKLM-x32\...\Tomb Raider: Underworld) (Version: - ) USB Disk Security (HKLM-x32\...\USB Disk Security_is1) (Version: - Zbshareware Lab) VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN) WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 3.6 - Bazis) Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) WinRAR 5.00 بيتا 8 (64-بت) (HKLM\...\WinRAR archiver) (Version: 5.00.8 - win.rar GmbH) Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.) 
ZHPFix 2015 (HKLM-x32\...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {1F160848-E3DD-421D-9CAE-4E1322E21362} - System32\Tasks\ASC9_SkipUac_DOS => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2016-03-18] (IObit) Task: {2C1A5D28-29AC-4934-9990-3723DF6F2647} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd) Task: {375A0A8A-AC9C-4203-A89F-5790617A4E53} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.) Task: {47C5A545-D3FD-4588-B665-32C4B5C09744} - \{ED4B120B-6E7B-44E6-9E3D-1A1CE478AA3F} -> No File <==== ATTENTION Task: {57DD03A1-5160-4B1B-A1D5-F9ED47559988} - System32\Tasks\{2065AD07-2BCA-4716-9999-3A85016C2451} => pcalua.exe -a C:\Windows\iun6002.exe -c "D:\ALALAA\generals\irunin.ini" <==== ATTENTION Task: {68FC8F50-EE50-4C31-B0A2-17F3C6093DC5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated) Task: {7AC6389E-86ED-4D77-9B12-C82D372876CC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-01] (Adobe Systems Incorporated) Task: {8B08EE65-C3B3-4749-90C0-9735F7D23E8A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.) 
Task: {E5DAB75A-129D-4E18-8393-A9B238FA483A} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2014-05-01 17:13 - 2014-05-01 17:13 - 00470016 _____ () C:\Users\DOS\AppData\Local\MEGAsync\ShellExtX64.dll 2013-09-21 17:06 - 2007-03-19 01:05 - 00630784 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe 2016-01-06 19:41 - 2016-01-06 19:41 - 00062168 _____ () C:\Program Files\CCleaner\branding.dll 2016-03-11 23:31 - 2016-03-11 23:31 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1025.dll 2016-04-01 18:22 - 2016-04-01 10:06 - 03452928 _____ () E:\Downloads\Compressed\DestV1.7.1\mainplug.ocx 2013-09-21 17:06 - 2007-03-19 01:04 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll 2016-04-06 12:38 - 2015-12-28 13:50 - 00899872 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\webres.dll 2016-04-06 12:38 - 2015-12-28 13:49 - 00629536 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStatistics.dll 2014-05-01 17:15 - 2014-05-01 17:15 - 00463360 _____ () C:\Users\DOS\AppData\Local\MEGAsync\ShellExtX32.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2016-04-10 16:07 - 2016-04-10 16:07 - 00003584 _____ () 
C:\Users\DOS\AppData\Local\Temp\dateinj01.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) There are 4788 more sites. 
==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2016-04-09 12:53 - 2016-04-06 01:33 - 00000131 ____A C:\Windows\system32\Drivers\etc\hosts 164.132.67.120 pes6gate-ec.winning-eleven.net # PESGate Sixserver 91.200.16.56 we9stun.winning-eleven.net # Stunserver ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-568589206-187183825-684968512-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\DOS\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is disabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk => C:\Windows\pss\AutoCAD Startup Accelerator.lnk.CommonStartup MSCONFIG\startupreg: GarenaPlus => MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet MSCONFIG\startupreg: PDVD9LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" MSCONFIG\startupreg: RazerCortex => MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{B8E0E027-72A7-4621-960F-395C56AEF20C}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{98B20C35-F171-4490-8D24-83D21F322D63}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{C97C3BC4-0FE8-4A29-B259-A8227EF59B24}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe FirewallRules: [{8C6C85FA-33D1-4E16-B6A2-637D363BCF54}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE FirewallRules: [{3056F790-BB4A-4943-A147-2ED49DAB5771}] => (Allow) D:\SKIDROW\pes2013.exe FirewallRules: [{2D5BE261-CD0C-4A83-B156-103C1C086A06}] => (Allow) D:\SKIDROW\pes2013.exe FirewallRules: [TCP Query User{BE125DB8-A06C-4094-A6E0-2E029E6ECF8B}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe FirewallRules: [UDP Query User{667A6D76-548B-4CBB-A0A6-3651FEAA29C8}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe FirewallRules: 
[{301781AF-BF01-434B-AB47-660FE34D9AFF}] => (Allow) LPort=48113 FirewallRules: [{256A191B-E982-4A79-8BB7-ADDC689A2378}] => (Allow) LPort=48114 FirewallRules: [{AC84DA7C-3B31-49CC-ABCE-01E52412D815}] => (Allow) LPort=48113 FirewallRules: [{3D1F4714-DA87-4DC3-94E6-9969B48DB871}] => (Allow) LPort=48114 FirewallRules: [{3B20B3A7-F1A0-4DA5-BFDB-CEEE3CE634AB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{E90A4AEC-A19A-4F7B-B4C8-81C6ADF0CAF4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{A34E9AF8-238B-4725-899F-A8EEA6C4E4F0}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{05AC0FE9-7260-485B-A26E-EF3C9B46212B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{D62CDE12-6C67-470A-B6CB-C8BDF96CED48}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{40B31293-2573-4D5E-A020-702C70DC4BD9}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{B1A48029-5EB8-449B-827E-30A3E7C29ECF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{1B4095A7-DC42-41EC-95E4-763ED3B97E91}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{1334EC4B-825B-44F0-84EA-18243B34EB83}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{41F741F7-3517-4208-9B84-9D8FA8145B45}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{3E19B1F4-C22D-494F-967E-95DC98D7E5B9}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{BBA283F7-5197-44FB-B882-FF08D1E1DF8C}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{9AF9F831-4CFE-4602-87F5-D1892CA657F9}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [{E5DE297A-7360-4EF6-903D-E55DA6F759E3}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [{6CEFEAAF-E4D5-4366-8459-82852F880859}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
==================== Restore Points ========================= 07-04-2016 01:46:34 Installed PingPlotter 4.12.0 09-04-2016 02:49:18 Installed Microsoft Fix it 50267 09-04-2016 03:56:42 Installed Microsoft Fix it 50267 09-04-2016 18:20:09 Removed iTunes 09-04-2016 18:23:04 Removed iTunes 09-04-2016 18:24:07 Removed Samsung Kies3 09-04-2016 18:31:53 Removed System Requirements Lab Detection 09-04-2016 18:33:13 Removed System Requirements Lab Detection 09-04-2016 18:34:01 Removed System Requirements Lab 10-04-2016 02:05:16 Removed Samsung Kies3 10-04-2016 02:24:52 Removed DkZ Studio 10-04-2016 02:37:04 zoek.exe restore point 10-04-2016 04:25:51 Removed Samsung Kies3 ==================== Faulty Device Manager Devices ============= Name: Intel(R) ICH8 Family USB2 Enhanced Host Controller - 283A Description: Intel(R) ICH8 Family USB2 Enhanced Host Controller - 283A Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: Intel Service: usbehci Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
==================== Event log errors: ========================= Application errors: ================== Error: (04/10/2016 03:51:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Arab Stars.exe, version: 1.0.0.1, time stamp: 0x4502a65a Faulting module name: kload.DLL, version: 6.6.5.0, time stamp: 0x4a142885 Exception code: 0xc0000005 Fault offset: 0x00030cf3 Faulting process id: 0xea0 Faulting application start time: 0xArab Stars.exe0 Faulting application path: Arab Stars.exe1 Faulting module path: Arab Stars.exe2 Report Id: Arab Stars.exe3 Error: (04/10/2016 03:45:33 PM) (Source: MsiInstaller) (EventID: 10005) (User: YAHYA) Description: Product: ESET Smart Security -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2203. The arguments are: C:\Windows\Installer\ef6a6a.ipi, -2147287035, Error: (04/10/2016 11:37:46 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/10/2016 08:01:57 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/10/2016 04:27:09 AM) (Source: MsiInstaller) (EventID: 10005) (User: YAHYA) Description: Product: Samsung Kies3 -- Error 2203.Database: C:\Windows\Installer\11b266.ipi. Cannot open database file. System error -2147287035. 
Error: (04/10/2016 04:09:34 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/10/2016 02:26:02 AM) (Source: MsiInstaller) (EventID: 10005) (User: YAHYA) Description: Product: DkZ Studio -- Internal Error 2203. C:\Windows\Installer\87357.ipi, -2147287035 Error: (04/10/2016 02:18:54 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/10/2016 02:06:54 AM) (Source: MsiInstaller) (EventID: 10005) (User: YAHYA) Description: Product: Samsung Kies3 -- Error 2203.Database: C:\Windows\Installer\102439a.ipi. Cannot open database file. System error -2147287035. Error: (04/10/2016 01:38:12 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Arab Stars.exe, version: 1.0.0.1, time stamp: 0x4502a65a Faulting module name: kload.DLL, version: 6.6.5.0, time stamp: 0x4a142885 Exception code: 0xc0000005 Fault offset: 0x00030cf3 Faulting process id: 0x10b0 Faulting application start time: 0xArab Stars.exe0 Faulting application path: Arab Stars.exe1 Faulting module path: Arab Stars.exe2 Report Id: Arab Stars.exe3 System errors: ============= Error: (04/10/2016 11:37:39 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: %%1058 Error: (04/10/2016 11:36:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The atksgt service failed to start due to the following error: %%1275 Error: (04/10/2016 11:36:35 AM) (Source: Application Popup) (EventID: 875) (User: ) Description: Driver atksgt.sys has been blocked from 
loading. Error: (04/10/2016 08:13:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: %%1058 Error: (04/10/2016 08:00:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The atksgt service failed to start due to the following error: %%1275 Error: (04/10/2016 08:00:53 AM) (Source: Application Popup) (EventID: 875) (User: ) Description: Driver atksgt.sys has been blocked from loading. Error: (04/10/2016 05:33:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: %%1058 Error: (04/10/2016 04:12:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Advanced SystemCare Service 9 service terminated unexpectedly. It has done this 1 time(s). Error: (04/10/2016 04:09:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: %%1058 Error: (04/10/2016 04:08:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The atksgt service failed to start due to the following error: %%1275 CodeIntegrity: =================================== Date: 2016-04-10 02:15:59.336 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\DOS\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2016-04-10 02:15:59.117 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\DOS\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-04-10 02:15:58.945 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\DOS\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-04-10 02:15:58.820 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\DOS\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-04-10 02:15:58.117 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\DOS\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-04-10 02:15:57.961 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\DOS\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2016-04-10 02:15:57.789 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\DOS\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-04-10 02:15:57.648 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\DOS\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-04-10 02:15:56.805 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\DOS\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-04-10 02:15:56.570 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\DOS\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Memory info =========================== Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz Percentage of memory in use: 36% Total physical RAM: 4095.18 MB Available physical RAM: 2581.38 MB Total Virtual: 8188.57 MB Available Virtual: 6423.45 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:117.09 GB) (Free:45.27 GB) NTFS Drive d: () (Fixed) (Total:174.32 GB) (Free:107.15 GB) NTFS Drive e: () (Fixed) (Total:174.26 GB) (Free:80.28 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 102EC61B) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=117.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=174.3 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=174.3 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================